MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 7f139e55e24e25c6544a78d48a04400430a3431830e694ee0946d90075ec2a9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
CobaltStrike
Vendor detections: 5
| SHA256 hash: | 7f139e55e24e25c6544a78d48a04400430a3431830e694ee0946d90075ec2a9c |
|---|---|
| SHA3-384 hash: | 9ace2124df043da01cfe913a68a06d25228c730dd9aec752e5f8c55423d6090181140fa1ec9e2fda4b5c802b86a12c96 |
| SHA1 hash: | 0936e308ce2b644c28000e52ab40b0a1158e6135 |
| MD5 hash: | 5db0b77b9d1256aa8da7e50955897a41 |
| humanhash: | uranus-leopard-indigo-river |
| File name: | 5db0b77b_by_Libranalysis |
| Download: | download sample |
| Signature | CobaltStrike |
| File size: | 1'030'656 bytes |
| First seen: | 2021-05-05 15:01:33 UTC |
| Last seen: | 2021-05-05 16:00:53 UTC |
| File type: |  dll |
| MIME type: | application/x-dosexec |
| imphash | e16074196d80effb57a5d1cd03830f52 (1 x CobaltStrike) |
| ssdeep | 24576:oojJNxSwRQJEQltmEVRxfX7jf7oW/6jxz2Hx:/jdQJEQlTBXHfEWio |
| Threatray | 268 similar samples on MalwareBazaar |
| TLSH | AE256A4650B457F7CBE979F29F277EB066FAA273990F04C67B80163A0DCCD214909B29 |
| Reporter |  Libranalysis |
| Tags: | Cobalt Strike |
Intelligence
File Origin
# of uploads :
2
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Result
Verdict:
Clean
Maliciousness:
Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Backdoor.CobaltStrikeLoader
Status:
Malicious
First seen:
2021-05-05 02:24:03 UTC
AV detection:
13 of 47 (27.66%)
Threat level:
5/5
Verdict:
malicious
Label(s):
cobaltstrike
Similar samples:
+ 258 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
1/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
7f139e55e24e25c6544a78d48a04400430a3431830e694ee0946d90075ec2a9c
MD5 hash:
5db0b77b9d1256aa8da7e50955897a41
SHA1 hash:
0936e308ce2b644c28000e52ab40b0a1158e6135
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
1) [B0012.001] Anti-Static Analysis::Argument Obfuscation
2) [C0002.014] Communication Micro-objective::Read Header::HTTP Communication
3) [C0019] Data Micro-objective::Check String
4) [C0032.002] Data Micro-objective::Luhn::Checksum
5) [C0052] File System Micro-objective::Writes File
6) [C0040] Process Micro-objective::Allocate Thread Local Storage
7) [C0041] Process Micro-objective::Set Thread Local Storage Value
8) [C0018] Process Micro-objective::Terminate Process